Saturday, April 23, 2011

Your iPhone Is Secretly Tracking Your Location

With over 50 million units sold, chances are you have an Apple iPhone. If you do, you might want to start worrying as just last Wednesday, two security researchers discovered that the iPhone keeps a detailed record of everywhere you go and have gone since you first activated your phone. Yikes.


The What
It turns out that each iPhone periodically records your latitude and longitude coordinates along with the time, to the second, that you were there. These records are kept on the iPhone in a file called “consolidated.db” and are copied to whichever computer you sync with iTunes each time you connect your iPhone. Even worse, anybody can easily access this file, either from your iPhone or your computer, meaning that anyone who stole your iPhone or the computer could discover details about your movements. As one of the security experts, Pete Warden, describes, “Apple has made it possible for almost anybody – a jealous spouse, a private detective – with access to your phone or computer to get detailed information about where you've been.”


“But can’t you just turn location services off?” You can, but that won’t solve the problem, as the iPhone, like most other phones, can get its coordinates from cell phone towers, not just GPS. It “pings” three separate cell phone towers and uses the response times to triangulate its coordinates. This isn’t the first instance of such techniques, however. Most cellular providers, like AT&T, already do this and can always store this data. Law enforcement officials can also access this information, for example if they need to know your location due to a 911 call (or a prank one). But this is the first instance of this information being available to anyone with access to your phone or computer. In addition, there appears to be no reason why Apple is collecting this data or why they don’t allow users to opt out of the service.


The Apple iPhone also seems to be the only smartphone that records the user’s every location in an onboard log. The other security researcher, Alasdair Allan, has looked for similar tracking code in Google’s Android phones and was not able to find any. “We haven't come across any instances of other phone manufacturers doing this,” says Warden. Whenever you start up a brand new Android phone, Google prompts you to agree to the following terms: “Allow Google's location service to collect anonymous data. Collection will occur even when no applications are running.” Gizmodo sent an inquiry to Google asking what exactly it meant, but Google refused to respond for the record. However, it does appear that the anonymous location data is not kept permanently and that collection is an opt-in service, unlike the iPhone’s. Gizmodo also asked Microsoft about their Windows 7 phones, and they replied that the only location data stored on the phone is your last known location, most likely for use with the Find My Phone feature. As soon as a new location is recorded, the previous data is erased.


The Why
So why exactly is Apple secretly recording your location data? John Gruber has a possible explanation: it’s just a bug. According to Gruber and his Apple insider sources, the location tracking is most likely an oversight. He says the log is probably supposed to be a log that only records a limited number of locations and deletes any old entries, but currently doesn’t due to a coding mistake. “I.e. someone wrote the code to cache location data but never wrote code to cull non-recent entries from the cache, so that a database that’s meant to serve as a cache of your recent location data is instead a persistent log of your location history. I’d wager this gets fixed in the next iOS update.” This is definitely a possibility, as both Android and Windows 7 phones work in a similar way.
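Gruber's explanation above, as an added example (not Apple's code and not from the original post): a location cache that is written to but never culled, next to one that enforces a retention window and a row cap, plus an audit that measures how much history each really holds. The table name, schema, retention values and sample fixes are all constructed for illustration.

```python
import sqlite3

RETENTION_SECONDS = 7 * 24 * 3600  # assumed policy: keep one week of fixes
MAX_ROWS = 1000                    # assumed hard cap on cached rows

def open_cache():
    """In-memory stand-in for an on-device location cache (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE location_cache (ts INTEGER, lat REAL, lon REAL)")
    db.execute("CREATE INDEX idx_ts ON location_cache (ts)")
    return db

def record_fix(db, ts, lat, lon, cull=True):
    """Store one fix. cull=False reproduces the bug: rows are never removed."""
    with db:  # insert and cull commit together
        db.execute("INSERT INTO location_cache VALUES (?, ?, ?)", (ts, lat, lon))
        if cull:
            # Drop anything older than the retention window...
            db.execute("DELETE FROM location_cache WHERE ts < ?",
                       (ts - RETENTION_SECONDS,))
            # ...and keep only the newest MAX_ROWS rows.
            db.execute("DELETE FROM location_cache WHERE rowid NOT IN "
                       "(SELECT rowid FROM location_cache ORDER BY ts DESC LIMIT ?)",
                       (MAX_ROWS,))

def retention_audit(db):
    """Report how much history the cache really holds."""
    rows, oldest, newest = db.execute(
        "SELECT COUNT(*), MIN(ts), MAX(ts) FROM location_cache").fetchone()
    span = (newest - oldest) if rows else 0
    return {"rows": rows, "span_days": span / 86400,
            "within_policy": rows <= MAX_ROWS and span <= RETENTION_SECONDS}

def simulate(cull, days=300, fixes_per_day=4):
    """Feed constructed fixes (fixed interval, made-up coordinates) into a cache."""
    db = open_cache()
    start = 1_280_000_000  # constructed starting timestamp
    step = 86400 // fixes_per_day
    for i in range(days * fixes_per_day):
        record_fix(db, start + i * step, 51.5 + i * 1e-4, -0.12, cull=cull)
    return retention_audit(db)

if __name__ == "__main__":
    print("never culled:", simulate(cull=False))
    print("culled:      ", simulate(cull=True))
```

The same audit query, run against any cache that is supposed to be short-lived, is a quick data-minimization check: a span far beyond the stated retention window means the culling step is missing or not running.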


Should You Be Worried?
John Gruber provides some comforting news for those of you who were preparing your tin foil hats. First of all, the location database isn’t really storing your exact GPS data. It is just making a rough location fix based on triangulation of cell towers. That means that the aforementioned database can’t reveal exactly where you were, only the approximate vicinity. Even better, the location recorded can be miles off course. Gruber suggests that this means the log’s purpose is to track the performance of the phone and the network, not to snoop on the user’s location. Second of all, this information is only accessible with physical access to your iPhone or computer. This means that the information can’t be sold to companies for advertising, as with other privacy exploits. So unless you’ve jailbroken your iPhone and didn’t change the remote-access password, or another exploit occurred, no one on the internet will have access to your data. Finally, an easy fix to patch up the computer vulnerability is to check the “Encrypt iPhone Backup” option in iTunes. This prevents anyone, even with physical access to your computer, from accessing your location data.


What Else Can You Do?
Other than encrypting your iPhone backups, you can use a nice little jailbreak app called “Untracked”, which provides a fix for the tracking issue. It simply deletes the “consolidated.db” file every time it’s created, erasing all record of where you’ve been. All you have to do is download the app; it will run in the background and keep your location records nice and clean. The only downside to this app is that it requires a jailbroken iPhone, so that’s a little inconvenient.
